Privacy Policy


Elevate Credit International Limited (“Elevate”) is committed to safeguarding the privacy of your personal data.

Elevate is registered with the Information Commissioner’s Office (ICO) under registration number Z8907456.

We operate in the UK so if you choose to use our website from outside the UK, you do so at your own risk. This website is not targeted at customers outside the UK.

This Policy was created in May 2018 and provides information in respect of how we and others use your personal data.


Elevate Credit International Limited, is registered in England at KPMG LLP, 15 Canada Square, Canary Wharf, London, E14 5GL, under company number 05041905.

If you want ask us about our use of your personal data please contact us at


We want to try and make it as clear as possible what it is you are agreeing to when you provide your personal data to us.

When you apply for a loan with us or you provide personal information in respect of someone else’s loan application, you will be asked provide us with information (including name, address, phone number(s), email address, date of birth, income and expenditure information, bank and debit card details). This, and any other information from which you may be identified constitutes personal data.

You may also provide personal data when you speak with our customer services representatives or you update your online account information (My Account).

This policy sets out the basis upon which we will use, store, collect, disclose and transfer (individually or collectively referred to as processing) your personal data. It sets out the basis upon which we send you marketing, use cookies and share your personal data with third parties.


We may need to update this Policy at any time and without notice and when we do this we will inform you via your online account and/or by email.


Application data

When you make an online application we ask you to provide a lot of personal data.

We need the personal data you provide to perform our contract with you, and more specifically for the reasons set out below, including to conduct checks prior to granting a loan, to complete the loan agreement with you, to manage your loan account and to collect payments and/or recover debt. We will also use it to contact you.

Credit Reference Agencies & Fraud Prevention Agencies

We will share your personal data with credit reference agencies (CRAs) and fraud prevention agencies (FPAs) as part of the regulatory requirements placed on us, to conduct creditworthiness and affordability assessments before entering into an agreement with you and to prevent financial crime.

The personal information we have collected from you will be shared with FPAs who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused finance. Further details of how your information will be used by us and these FPAs, and your data protection rights, can be found here.

Your personal data is also used for:

  • managing your account;
  • verifying the accuracy of the data you have provided to us;
  • debt recovery and debtor tracing.
All of the above processes are required for the performance of our contract.

These CRA and FPA searches will be recorded. Other credit providers may search these records. Your information may be linked to others living at your address. We may disclose information about how you conduct your account to third parties. We have a legitimate business interest to conduct this type of processing.

We are obligated to provide details back to CRAs and FPAs to inform them of the performance and repayment history of the loan account and suspected or discovered fraud. If you provide false information and/or we suspect fraud we will record this and may report our suspicions to appropriate law enforcement agencies.

We may continue to receive and exchange personal data with CRAs while you have a relationship with us. Please see the Account management section below.

The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail and is accessible from each of the three CRAs. By clicking on any of these three links you will be taken to the same document:

Account management

We use your personal data to help us manage your loan account with us, this includes personal data you may amend if you update your online account.

Whilst your loan account remains active (whether or not you have an outstanding loan balance), we receive account management data from CRAs and FPAs to help us make decisions as to whether to make additional funds available for you to borrow. We have a legitimate interest in undertaking this process.

We may also share your personal data with third parties to assist in the collection of repayments and recovery of debt and/or if we assign the loan agreement to debt purchasers or if we were to sell our business.


We use your personal data to undertake periodic statistical analysis and/or to ensure the suitability of existing and future products and services. This also helps us to better understand our customers' requirements so we can develop, improve and test products and services. This processing is undertaken as a legitimate interest of the business.

When you contact us

When you correspond with us by phone or e-mail you may also provide personal data. We use this to manage your loan application, your loan account and to respond to any questions or concerns you may have. Phone calls are recorded in the legitimate interests of our business quality and security standards.


Browsing patterns, interaction with our website and your equipment

Each time you visit our website, certain technical data about you is collected. In some cases this is collected by us and in some cases this is collected by third parties. This includes details about your equipment, browsing actions and patterns.

Our Cookie Policy explains what we collect and why and allows you to change certain preferences. It also explains when third parties collect data and how you can manage that.


Third Parties Service Providers

  • Credit References Agencies & Fraud Prevention Agencies: Sometimes we obtain personal data from, and share personal data with CRAs and/or FPAs, to assist us and CRAs and in creating and/or improving risk models. We only use third party data if the relevant consent has been provided.
  • Payment services providers: Sometimes other businesses give us personal data about you which we may need for our legitimate interests of conducting business with you, and on occasion they are necessary to perform our contract with you. This happens when we link through to third party payment providers. They tell us whether you have/have not made payments.
  • Debt management companies, Insolvency Practitioners & CMCs: We are under a legal obligation to work with third parties to whom you have provided authority to act on your behalf. In so doing they may provide us with information about you and may request information about you.
  • Third party contractors/service providers: We may also engage third party contractors to provide us with technical or delivery services that are related to your loan account with us. We need these providers to provide us with their services for our legitimate interests of operating our business and our website effectively.
    A list of third party contractors/service providers we engage to handle your personal data can provided on request.
  • Consumer research: We may use third party providers to undertake consumer research to assist us in understanding consumer needs and preferences, so we can improve or develop our products and services and also so we ensure we target appropriate consumers.
  • Consumer feedback & Reviews: We may send you an email to participate in providing feedback or reviews via third parties such as TrustPilot and NPS. We do not share your personal data with them. If you participate please check their respective privacy policies.
  • Direct Marketing: We may use third parties to send direct marketing material on our behalf, to our customers or to target consumer audiences. Our use of third parties to distribute marketing is in the legitimate interests of our business. In all cases we ensure you have been given the opportunity to inform us that you do not want to receive marketing from us.

Open Banking

This section of our Privacy Policy relates to Open Banking and should be read in conjunction with the other clauses in our Privacy Policy. In the event of conflict with any other clauses, this clause shall prevail.

What is Open Banking?

Open Banking is the secure way of providing access to your bank or building society account to providers who are registered for this purpose.

Registered providers and participating banks and building societies are listed under the Open Banking Directory.

Open Banking was set up by the UK Government to encourage more competition and innovation in the financial services sector.

As a forward thinking lender, we support the use of Open Banking as it allows us to process loan applications more efficiently, securely and in our consumer’s best interests.

By permitting access to your bank or building society account information we are able to make a more informed lending decision as we shall be able to verify your income, outgoings and other matters more efficiently in order to assess what loan terms would be suitable for you based upon what you can reasonably afford to repay.

Further information about Open Banking is available from

How will my personal data be shared and used for the purposes of Open Banking?

By proceeding with your loan application via our website you expressly consent to us sharing your personal, contact and loan application details (“the Shared Personal Data”) with our registered Open Banking partner, Perfect Data Solutions Limited (“PDS”) who are also a credit reference agency. During your loan application we shall safely and securely direct you to PDS’s secure portal (“the Portal”) for the purposes of granting PDS access to your bank or building society account information (“Transaction Information”). As soon as your Transaction Information is received it shall be reported back to us in the form of a completed search in order that we may continue to process your loan application (“the Permitted Purpose”).

Further information about PDS including their registered provider and regulatory status is available from

Is Open Banking secure?

PDS are registered under the Open Banking Directory as an account information service provider and are also regulated by the Financial Conduct Authority as a payment services firm under number 802599. Any data you submit via the Portal will be encrypted and its usage tracked as part of set Open Banking data security standards.

We are responsible for the secure transmission of any Shared Personal Data to PDS, for safely directing you to the Portal and for the safe receipt and usage of your Transaction Information.

You will not be required to share your banking password or log in details with either us or PDS. Once you have given your explicit consent to share your bank account information on the Portal you will be directed to your own bank or building society’s login page where you will enter in your own login details directly.

Save as set out above or elsewhere in this Privacy Policy, we are not responsible for your direct data transmissions with PDS or with your own bank or building society.

How will my Shared Personal Data and Transaction Information be used?

PDS shall, subject to their own terms and conditions and privacy policy, and, if your bank or building society is registered to provide access under the Open Banking Directory, obtain your Transaction Information and submit this back to us for the Permitted Purpose. By way of example, the Transaction Information that we shall receive is likely to include information relating to your income, outgoings and credit worthiness.

PDS shall be entitled to re-access your Transaction Information for up to 90 days from the date of your original search result in order to refresh the search results, obtain a snapshot of your data or gather additional data.

PDS shall hold the Shared Personal Data and the Transaction Information they receive and retain according to their own terms and conditions and privacy policy, available on the Portal, which you will be required to read and consent to once directed their via our website.

As PDS are also a credit reference agency they may also share and keep a record of your Shared Personal Data and Transaction Information.

Will you use my Transaction Information data for any other purpose?

The Transaction Information we receive about you will only be used for the Permitted Purpose. We do not sell or share Transaction Information with any third party.

Save as set out above the information contained in the rest of this Privacy Policy deals with how we collate, use, transfer, store, delete and other terms applicable to your personal data including Shared Personal Data and Transaction Information.

Do I have to provide you with my consent to proceed?

Where your bank or building society have already permitted access to your Transaction Information you shall need to contact them directly in order to withdraw your consent under their particular Open Banking terms and conditions.

Are any of my other rights under this Privacy Policy affected?

Your individual data protection and privacy rights including the right to access, correct, delete, object, restrict, withdraw consent, request transfer and/or make a complaint, continue to apply to relevant personal data we control or process and are dealt with elsewhere in this Privacy Policy.

Under Open Banking as your personal data is shared by your bank or building society and accessed by PDS you may also be able to exercise your individual data protection and privacy rights against either of them pursuant to their own terms and conditions and privacy policies.

Professional Advisers:

We may also share your personal data with professional advisers such as our lawyers and insurers to manage risks and legal claims. This is in our legitimate interests.


We may also enter partnerships with third parties to exchange information about you where we think it will give you an opportunity to get a great product or service but we will always inform you about this and ask for your express permission to participate in this.


We may provide suppliers of analytical services or advertising network and search engine providers with aggregate information about our users to help them reach certain demographics. We do not disclose information that identifies you as an individual.

Sometimes our website will use third party websites to make your log in easier (such as Facebook). Please be aware that by choosing to log in this manner, this connects your profile on that third party website with your profile on our website. Please read the privacy policy of all third party platforms operating this service.

We may also share your personal data with third party social media platforms (such as Facebook) in order to show you targeted ads when you visit Facebook. We do this by the use of cookies which capture your visits to our website. Please refer to our Cookie Policy for more information.

We may also provide these platforms with your email address to create ‘audiences’ of users fitting within a certain demographic/category so that we can target our marketing. The Facebook GDPR Portal explains these services in more detail. This use is in our legitimate interests of sending you direct marketing. Our Cookie Policy explains how you can adjust your cookies preferences.

If we offer you the opportunity to invite a friend to try our products using the contacts from a social network service (e.g. your Facebook friends or Gmail contacts then we will only do so with your permission and will only use those contacts for that purpose.


We may share your personal data within our group of companies in order to improve our products and services and because some of our internal support services are shared across the group. This is in our legitimate interests. Our parent company is Elevate Credit Inc. and they are based in the US. We have an inter-company agreement in place which requires our parent company to ensure that the appropriate safeguards are in place.

It is possible we could sell our business to a third party or re-organise our business or become insolvent. In that scenario, our database of customers is one of the biggest parts of that business and so we would need to share it with the third-party buyer and their advisers. This is in the legitimate interests of selling our business.

Law Enforcement/Legal Compliance:

We will co-operate with all third parties to enforce their intellectual property or other rights. We will also cooperate with law enforcement requests from within or outside your country of residence. This may include disclosing your personal information to government or law enforcement agencies, or private parties, when we have a good faith belief that disclosure is required by law or when we, in our discretion, believe that disclosure is necessary to protect our legal rights, or those of third parties and/or to comply with a judicial proceeding, court order, fraud reduction or legal process served on us. In such cases, we may raise or waive any legal objection or right available to us. These uses of your personal data are in our legitimate interests of protecting our business security. We may also use your personal data and share it with the recipients listed in this policy for the purpose of complying with our legal obligations.


We only send electronic marketing such as email or SMS marketing to people who have provided the relevant consent for us to do so. We will always offer an unsubscribe facility so you can opt out of receiving this marketing when you first make a loan application and in every marketing communication afterwards. We may on occasion send out postal marketing for the purpose of growing our sales which is in our legitimate interests and in this scenario we will rely on you to let us know if you do not want to receive this by opting out of the marketing. To opt-out please email us at

You also give us personal data such as contact information when you enter one of our competitions. In these circumstances you are giving us these details to participate. These functions only operate on our website on an opt-in basis and so we rely on your consent to use your personal data in this way.

You also give us your personal data when you participate in discussion boards or other social media functions which we may use from time to time on our website. Operating these discussion boards allows you to share your views with our other customers. This processing of data is in the legitimate interests of the business.


In the majority of cases our lending decisions rely solely on automated decision making and we have a legitimate interest in doing so as our business is solely online and requires decisions to be made consistently and in respect of a number of data points, to ensure we lend responsibly and have undertaken affordability and creditworthiness assessments, in accordance with regulatory requirements.


The personal data that we collect from you will be stored in the UK, however it will also be transferred and stored as follows:

  • We use the following ‘cloud providers’ to provide us with technical solutions. These include Microsoft Azure and Amazon Web Servers (AWS). Their GDPR portals explain where they store the personal data we provide to them and how they provide us with adequate safeguards to protect your personal data.
  • We provide personal data to our parent company. These transfers occur in accordance with an inter-company transfer agreement between the companies.

We only store your personal data for as long we need it. Details of our records retention policy is available upon request. To determine the appropriate period we consider the nature of the personal data, its sensitivity, the potential for harm and the regulatory requirements placed upon us. We may delete your personal data on your request – please refer to Your Rights and we may hold a list of the ‘opt out’ requests to record these requests.


You may provide us with following special categories of personal data. This is required for the performance of the contract. Card details are encrypted. Other information is held securely.

  • bank records;
  • card details;
  • utility bills;
  • identification records;
  • information pertaining to your health; and
  • information concerning your financial status.


All information you provide to us is stored on our servers and we have implemented reasonable and appropriate security measures to protect your personal data including limiting access to key personnel and utilising user names, passwords, encryption and anonymisation where appropriate. Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee that data breaches will never occur. Please keep your password safe at all times and log out of inactive sessions. Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. Please do not provide us with any other person’s data unless we have specifically prompted you to do so.

For safety purposes, we may require users to verify their accounts (because we want to make sure you are not a robot or a minor). However, with the prevalence of ‘phishing’ you should treat all such emails with caution. We advise that you check our main website by typing in the full address (and not using a ‘cached’ copy of the website on your device) and use the contact details on our website to contact us to verify the request. We also do not recommend that you put email addresses, URLs, phone numbers, full names or addresses, credit card details or other identifying or sensitive information in any online chat function or public profile.

Our products are not aimed at children and neither is our website.


You have various rights under law that assist you with verifying our lawful use of your personal data.

Please refer to our policy for further information here


You may complain to your local supervisory data protection authority about us depending on where you are located. In the UK, please read: for details of how to do this.